<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>volatility.plugins.malware.apihooks.ApiHooks.check_inline : API documentation</title>
    <meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
    <link href="apidocs.css" type="text/css" rel="stylesheet" />
    
    
  </head>
  <body>
    <h1 class="staticmethod">v.p.m.a.A.check_inline(va, addr_space, mem_start, mem_end) : static method documentation</h1>
    <p>
      <span id="part">Part of <a href="volatility.html">volatility</a>.<a href="volatility.plugins.html">plugins</a>.<a href="volatility.plugins.malware.html">malware</a>.<a href="volatility.plugins.malware.apihooks.html">apihooks</a>.<a href="volatility.plugins.malware.apihooks.ApiHooks.html">ApiHooks</a></span>
      
      
    </p>
    <div>
      
    </div>
    <div>Check for inline API hooks. We check for direct and indirect
calls, direct and indirect jumps, and PUSH/RET combinations.</p>
<p>&#64;param va: the virtual address of the function to check</p>
<p>&#64;param addr_space: process or kernel AS where the function resides</p>
<dl class="rst-docutils">
<dt>&#64;param mem_start: base address of the module containing the</dt>
<dd>function being checked.</dd>
<dt>&#64;param mem_end: end address of the module containing the func</dt>
<dd>being checked.</dd>
</dl>
<p>&#64;returns: a tuple of (hooked, data, hook_address)<table class="fieldTable"></table></div>

    
    
    <div id="splitTables">
      
      
      
    </div>
    
    
    

    
    <address>
      <a href="index.html">API Documentation</a> for Volatility 2.2, generated by <a href="http://codespeak.net/~mwh/pydoctor/">pydoctor</a> at 2013-06-24 15:16:10.
    </address>
  </body>
</html>